WEBINAR:

Last week Mozilla rolled out Firefox 3.5.3, which checks the user's version of Adobe Flash. As it turns out, in one week alone, 10 million people clicked on the Adobe update, according to Mozilla.

That's a staggering number. That potentially means that 10 million people were running older out-of-date and insecure versions of Flash. It means that despite Adobe's own efforts to get people to update with their own update mechanisms and public outreach that 10 million people were still left out of the loop.

Flash is at risk from a critical vulnerability that Adobe has already patched. Yet there are still a good number of un-patched Flash users. One study I reported on last month claimed that the number is as high as 80 percent of Flash users.

How does that correlate with Mozilla's numbers? Are 80 percent of Firefox users running un-patched versions of Firefox?

The current publicly available figures from Mozilla do not seem to lead to that conclusion. Though the 10 million figure is certainly a number to take seriously. Mozilla's numbers guy Ken Novash blogged that the click through rate on the Firefox 3.5.3 What's New page, (which is where the Flash update notice first appears) was 30 percent. Taking a (small) leap of faith and without having the full data set myself, I'm going to assume that means that at least 30 percent of Firefox 3.5.3 users had out-of-date versions of Flash.

So no, it's not 80 percent, but it's still a non-trivial number. It also raises another huge question.

What about Microsoft IE users?

There are a lot more IE users
than Firefox users, IE does not have a Flash check. Does that then
imply that more than 10 million IE users are also at risk?

I've
written before about the need for a unified update mechanism in Windows
similar to what Linux users have already. I know that's not likely to
happen in a broad sense anytime soon.

It is now abundantly
clear to me that all browser add-ons/plug-ins MUST be checked by the
browser for update status. All browser vendors should come to the same
conclusion as Mozilla for the safety of their own users and the
integrity of the Internet itself.